Yet more stupid sessions...

tooom

Hello! Im new to this site but came here for help because the book "PHP 5 in easy steps" recommended it.
Anyway, i've been writing a user authentication system recently (http://npass.n-fusion.co.uk) and have run into some session troubles (ive looked through all the relevant threads I could find with no joy). Basically, when you login to the system, it authenticates you correctly, detects your access settings and writes the session variables out at the top of the screen to prove that they exist (this is a temp feature while in dev.) However, upon changing pages (clicking the "home" button), the variables do not appear anymore and the control panel dissapears (meaning $SESSION['user'] is not set). Ive tried a few things to solve this but cant for the life of my think whats wrong. Onto the code, the php file that appears in the address bar has practically nothing to do with sessions. All it does is require('core.php') in order to establish the variables to print. Upon the login procedure being called, core.php runs this bit of code

if($command == "login")
{
if((!$user) or (!$pass))
{$text2 = "Fill in all fields please!";}
else
{
$res = query("select * from npass where user=\"$user\" and passenc=password(\"$pass\")");
$num = mysql_numrows( $res );
if($num != 0)
{
$stuff = mysql_fetch_array($res);
$_SESSION['user'] = $stuff['user'];
$_SESSION['avatar'] = $stuff['avatar'];
$_SESSION['passenc'] = $stuff['passenc'];
$_SESSION['comment'] = $stuff['comment'];
$_SESSION['description'] = $stuff['description'];
$_SESSION['email'] = $stuff['email'];
$_SESSION['name'] = $stuff['firstname'];
$_SESSION['access'] = $stuff['access'];
$_SESSION['usid'] = $stuff['id'];
$_SESSION['logins'] = $stuff['logins'];
$_SESSION['date'] = $stuff['date'];
$_SESSION['active'] = $stuff['active'];
$text3= $_SESSION['user'].$_SESSION['avatar'].$_SESSION['passenc'].$_SESSION['comment'].$_SESSION['description'].$_SESSION['email'].$_SESSION['name'].$_SESSION['access'].$_SESSION['usid'].$_SESSION['logins'].$_SESSION['date'].$_SESSION['active'];
if($_SESSION['active'] == 1)
{
$text2 = "Login Successful!";
}
else
{
$text2 = "Your account is inactive! You must activate it by clicking the link in your email first!"; session_destroy();
}
}
else
{
$text2 = "Incorrect user name and/or password! Please Login again"; 
}
}
}

It authenticates fine, then however, basically logs you out when you switch pages.

if(!isset($_SESSION['user']))
{
$side='<form action="login2.php?command=login" method="post"><h1>Login</h1><center><p>Username:<br><input type="text" name="user" class="form"><br><Br>Password<br><input class="form" type="password" name="pass"><br>
<br>Forgotten your user name or password? Click <a href="recover.php">here.</a><br><Br><input type="submit" value="Login" class="form"></form><br><a href="resend.php">Resend my confirmation email.</a></center></p>';
}
else
{
$side='<h1>'.$_SESSION['name'].'\'s Control Panel<br>User controls</h1><center><a href="changepass.php"><img src="img/pass.gif" border="0"></a><a href="changeemail.php"><img src="img/email.gif" border="0"></a><br>
<a href="delaccount.php"><img src="img/delete.gif" border="0"></a><a href="changeother.php"><img src="img/other.gif" border="0"></a>';
if($_SESSION['access'] > 0)
{
$side .= '<br><br><h1>Admin only controls</h1><center><a href="chkusers.php"><img src="img/users.gif" border="0"></a>'; 
}
$side .= '</center>';
}

That bit of code determines whether or not you are logged in.
Id really appreciate any halp you could give!
If you need to, you can use these user details:
User: test
pass: test
Thanks
Tom Hands

halojoy

<?php
session_start();
if ( isset( $_SESSION[ 'loggedin_alright' ] ) ) {
$user_status = 1;
}
else {
$user_status = 0;
}

if ( !$user_status ) {
       echo "go login, please<br>
                <a href='login.php'>Login page</a>";
       exit;
}
else {
echo "
<html>
<body>
Welcome<br>
to member area
<hr>";
}
?>
<pre>
Latest member news:
Member number 56 has now received his second child
As usual nobody knows from where that little thing came
Just as little we know where spirits of our for-fathers and -mothers went
after we buried them as deep as we could
</pre>
</body>
</html>

If you want to see a nice little set of 4 pages,
using session in a good way (tested okay)

----> click this a here link

http://www.phpbuilder.com/board/showpost.php?p=10639901&postcount=7

/halojoy now
submitting his old posts
instead of writing them again

and again ....

and again ...

Good Luck with your new good session coding
tooooooooooooooooooooooooooommmmmmmmmmmmmmm
🙂

tooom

Thanks for the help halojoy, ive tested your 4 page thing on my server and it all works fine and dandy, which is even more bewildering as I no have no idea whatsoever as to why the sessions wont work. i could incorporate the code you gave me, but I cant see as its any different to mine (except with less variables and less if statements). Anyway, to give some more info: The cookie ive checked (using JS) and it exists and maintains the same session ID. PHP info on my server returns :

session

Session Support enabled

Registered save handlers files user

Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /tmp /tmp
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid On On

If you need any more of the script just ask! i can post it all!
Cheers
Tom

maxpup979

So you know that sessions are working on your machine, just something is goofy with yours. So start with what you know works, add an element, test it, add another element etc. One of two things will happen. You will have all of your vars working, thus fixing the problem, or you will find the piece that is breaking everything, fix it, thus fixing your problem

tooom

Ok thanks max pup ill try it 2moro

halojoy

tooom wrote:
Thanks for the help halojoy,
I've tested your 4 page thing on my server and it all works fine and dandy,
which is even more bewildering

as I no have no idea whatsoever as to why my sessions wont work.

I could incorporate the code you gave me,

but I cant see as its any different to mine

If you need any more of the script I can post it all!
Cheers
Tom

Well, Tooooooommmmm

if my code works
and your session does not
there has to be some real Significant difference
even 'if you can not see' it

I will take a wild guess here, without me even seeing
code you use in those pages that check you session variables

If you notice one thing, in my code above
All 4 pages of mine begin the same:

<?php
start_session(); // hasto start session

// rest of code

if ( $_SESSION [ "user" ] == "halojoy" )
echo "nice try, but .....<br>
sorry, man - you are banned from here";

?>

My guess is you do not start session in every page,
where you work with session variables

If I wasnt right.
you better post 2-3 more pages, showing how you deal with sessions
and someone from here will solve this for you
in 10 minutes!

Regards
/halojoy

tooom

Hi
Ive loooooooooooked and looooooooooooked and loooooooooooked but no sign of whats wrong! Ive tried removing the session_destroy() calls but that didnt work. I tried taking out some unneeded bits but no joy there either. Sooooo.... heres allllllll te code from core.php which is called using a require function as the first bit of php on each page:

<?php
session_start();
$command = $_GET['command'];
$user = $_POST['user'];
$pass = $_POST['pass'];
$passconf = $_POST['passconf'];
$email = $_POST['email'];
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$avatar = $_POST['user'];
$description = $_POST['description'];
$comment = $_POST['comment'];
$idgrab = $_POST['id'];
$me = $_SERVER['PHP_SELF'];
$date = date("d/m/Y");

global $text;
global $text2;

$conn = @mysql_connect("BLANKED", "BLANKED", "BLANKED")
	or die("Connection to MySQL failed because ".mysql_error());
$rs = @mysql_select_db( "BLANKED", $conn)
	or die("Couldnt access database because ".mysql_error());

function query($query)
{

$res = @mysql_query( $query)
	or die("Couldnt execute query because ".mysql_error());
return $res;
}

if($command == "lostpass")
{
$text2 = "Enter your email address below to get your password sent to your email address:<bR>
<form action=\"$me?command=lostsend\" method=\"post\">
<input type=\"text\" name=\"email\" value=\"Email address\">
<input type=\"submit\" value=\"Send pass!\">
</form>";
}


if($command == "signup")
{
if($pass == $passconf)
{
if((!$user) or (!$pass) or (!$passconf) or (!$email) or (!$firstname) or (!lastname))
{
$text2 = "Oops, fill in all the fields!";
}
else
{
$res = query("select * from npass where email=\"$email\"");
$num = mysql_numrows( $res );
if($num > 0)
{
$text2 = "This e-mail address has an account. Please do not create multis. Well, you err cant so up yours :-p.";
}
else
{
$res = query("select * from npass where users=\"$user\"");
$num = mysql_numrows( $res );
if($num > 0)
{
$text2 = "This username has an account. Please try again!";
}
else
{
$res = query("insert into npass (user, password, passenc, date, email, firstname, lastname, id, active, access, comment, avatar, logins, description, posts) values (\"$user\", \"$pass\", password(\"pass\"), \"$date\", \"$email\", \"firstname\", \"lastname\", \"0\", \"0\", \"0\", \"$comment\", \"$avatar\", \"0\", \"$description\", \"0\")");
}
}
}
}
else
{
$text2 = "Passwords need to match!";
}
}

if($command == "lostsend")
{
if(!$email)
{
$text2 = "You need to enter your address to have your password sent!";
}
else
{
$res = query("select * from npass where email=\"$email\"");
$num = mysql_numrows( $res );
if($num > 0)
{
$stuff = mysql_fetch_array($res);
mail( $email, "Your npass password", "Dear user,/n Here is your password: ".$stuff['pass']."/nYours, the nPass team"  )
or die('Failed to send message - unresolveable error');
$text2 = "Pass sent!";
}
else
{
$text2 = "E-Mail address not found, try again!";
}
}
}

if($command == "logout")
{
session_destroy();
$text2 = "Logout successfull";
}

if($command == "login")
{
if((!$user) or (!$pass))
{$text2 = "Fill in all fields please!";}
else
{
$res = query("select * from npass where user=\"$user\" and passenc=password(\"$pass\")");
$num = mysql_numrows( $res );
if($num != 0)
{
$stuff = mysql_fetch_array($res);
$_SESSION['user'] = $stuff['user'];
$_SESSION['avatar'] = $stuff['avatar'];
$_SESSION['passenc'] = $stuff['passenc'];
$_SESSION['comment'] = $stuff['comment'];
$_SESSION['description'] = $stuff['description'];
$_SESSION['email'] = $stuff['email'];
$_SESSION['name'] = $stuff['firstname'];
$_SESSION['access'] = $stuff['access'];
$_SESSION['usid'] = $stuff['id'];
$_SESSION['logins'] = $stuff['logins'];
$_SESSION['date'] = $stuff['date'];
$_SESSION['active'] = $stuff['active'];
$text3= $_SESSION['user'].$_SESSION['avatar'].$_SESSION['passenc'].$_SESSION['comment'].$_SESSION['description'].$_SESSION['email'].$_SESSION['name'].$_SESSION['access'].$_SESSION['usid'].$_SESSION['logins'].$_SESSION['date'].$_SESSION['active'];
if($_SESSION['active'] == 1)
{
$text2 = "Login Successful!";
}
else
{
$text2 = "Your account is inactive! You must activate it by clicking the link in your email first!"; session_destroy();
}
}
else
{
$text2 = "Incorrect user name and/or password! Please Login again"; 
}
}
}

if($command=="confirm")
{
if(!$idgrab)
{
$text2 = "Only visit here with a real account activation key please";
}
else
{
query("update npass set active = \"1\" where id = \"$idgrab\"");
$text2("Your account is now active! You may now login.");
}
}


if(!isset($_SESSION['user']))
{
$text = "You aren't logged in. Click <a href=\"login.php\">here</a> to log in";
}
else
{
$sql = "select * from npass where user = \"".$_SESSION['user']."\" and passenc = \"".$_SESSION['passenc']."\"";
$res = query($sql);
$num = mysql_numrows( $res );
if($num != 0)
{
$text = "Welcome back ".$_SESSION['name'].". You are logged in. Click <a href=\"index.php?command=logout\">here</a> to logout";
}
else
{
$text = "Authentication failed! Please Login again"; session_destroy();
}
}



if(isset($_SESSION['user']))
{
$img = "logout.gif";
$link = "login2.php?command=logout";
}
else
{
$img = "login.gif";
$link = "login.php";
}
$head='
<meta name="author" content="Tom Hands - tom@n-fusion.co.uk">
<meta name="content" content="N-Pass, the N-Fusion authentication system">
<meta name="generator" content="NOTEPAD :P">
<title>N-Pass - The N-Fusion authentication system - '.$me.'</title>
<link href="style.css" type="text/css" rel="stylesheet">
<style type="text/css">
<!--
.form {  font-size: 12px; color="white"; background-image: url(bar.png); font-family="tahoma"; border:blue 1px}
-->
</style>';

$top='
<center>
<img src="logo.gif"><br><br>
<img name="links" src="links.gif" width="687" height="32" border="0" usemap="#m_links" alt=""><map name="m_links">
<area shape="rect" coords="569,-1,683,31" href="help.php" alt="" >
<area shape="rect" coords="455,-1,570,31" href="control.php" alt="" >
<area shape="rect" coords="342,-1,457,31" href="sites.php" alt="" >
<area shape="rect" coords="231,-1,344,31" href="register.php" alt="" >
<area shape="rect" coords="116,-1,231,31" href="about.php" alt="" >
<area shape="rect" coords="1,-1,116,31" href="index.php" alt="" ><a href="'.$link.'"><img src="'.$img.'" border="0"></a></center>';

if(!isset($_SESSION['user']))
{
$side='<form action="login2.php?command=login" method="post"><h1>Login</h1><center><p>Username:<br><input type="text" name="user" class="form"><br><Br>Password<br><input class="form" type="password" name="pass"><br>
<br>Forgotten your user name or password? Click <a href="recover.php">here.</a><br><Br><input type="submit" value="Login" class="form"></form><br><a href="resend.php">Resend my confirmation email.</a></center></p>';
}
else
{
$side='<h1>'.$_SESSION['name'].'\'s Control Panel<br>User controls</h1><center><a href="changepass.php"><img src="img/pass.gif" border="0"></a><a href="changeemail.php"><img src="img/email.gif" border="0"></a><br>
<a href="delaccount.php"><img src="img/delete.gif" border="0"></a><a href="changeother.php"><img src="img/other.gif" border="0"></a>';
if($_SESSION['access'] > 0)
{
$side .= '<br><br><h1>Admin only controls</h1><center><a href="chkusers.php"><img src="img/users.gif" border="0"></a>'; 
}
$side .= '</center>';
}
$bottom='<p>Copyright Tom Hands 2005. All rights reserved. This site is <br><img src="cert.png"></p>';
session_write_close();
print($text.$text2.$text3);
?>

Please not some bits (such as the add user bit) have been left until the sessions work and are incomplete.
Id appreciate any help. If theres still no joy ill do a rewrite around halojoys code (thanks again halojoy)
thanks
toooo<insert several thousand "o"s here>oooom

LoganK

Try simple debugging:

session_start()
$_SESSION['test'] = "foo";

// Next page:
session_start()
echo $_SESSION['test'];

If it works, than gradually build your way up to the session functions in your script. By starting with small, simple debugging, and verifying that they work, you can work your way up to the real problem.

halojoy

hey, tttttttttttttttttttttttttttttommmmmmmmmmmmmmmmmmmm

your code looks alright - should work

what exactly is it that goes wrong?
how do you know it doesnt work?
what error messages, concerning session not working do you get?
any other warnings or notices from PHP error_reporting function?

if you are unsure, if you have FULL E_ALL error_reporting()

Start every page involved in this script:

<?php
error_reporting( E_ALL );  // turns on even small notices, even if not real error
session_start();

// rest of your script

?>

As I said,
your script looks nice and should work.
Let us find that little detail, that we have to change.

============
to do this we need all info we can get (as much as possible - like in a police crime case)

ABOUT Type of Problem ( 1. what you expect and 2. what happens instead, that makes your head ache
)
ABOUT PHP settings regarding SESSIONS ( I think you have posted this above, already)
.......... but as my script runs 'dandy', It is a good chance nothing is wrong here
ANY even small ERROR_REPORT or E_NOTICE or E_WARNING you can see when you run your page / pages
Eventually, see some HTML source from page that doesnt work - to track what php did / didnt do[/b]

most of this you can do yourself,
but tell us how it is going,
many heads together ( brainstorming ) can do more then 1 head - deosnt matter how bright this lonely Einstein may be

/halojoy

LoganK

Halojoy, what time is it over there in Sweden? You always seem to post when I'm asleep... 😃

Also, I thought you were a flat-file kind of guy. Do you know DB (no offense)?

Tom (very simple, one "o") - have you tried debugging yet?

halojoy

LoganK wrote:
1. Halojoy, what time is it over there in Sweden? You always seem to post when I'm asleep
2. Tom (very simple, one "o") - have you tried debugging yet?

Sweden is always before its time,
at least copared to those slow yankees ( pray GOD, I never end up in a prison managed by yankees, wankies )
They have not even adopted human rights thinking yet. And civil conduct in meeting with strangers.
But I am being told, they do not make difference by skin colour no more.
Can we believe this?
you never know, do you ...

We in the east lead the progress in time these modern days.
And still we are far behind China India and Japan!

When something is new in florida, it is already old in Sweden and Europe.
Remember, when USA was built, Europe Egypt China Babylon CULTURES had existed for several 1.000 years.

to make it easy for you:
In summer (daylight saving time) sweden use: GMT+2
Rest of year we use Central European Time: GMT+1

halojoy - situated at best side of Atlantic Ocean

.... and like so many others, have no longing whatsoever to get to any other side of this sea

🙂 🙂

LoganK

You should come over to Florida once - it's very nice in the spring (not now - it's as hot as you-know-what). Your bold text is what I needed - GMT+1. I'm GMT-1, so right now for me it's 11:16 a.m., so I need to add 5: 4:16 p.m., and then add 1: 5:16 p.m. over in your area. Right? I hope I am...

You mentioned how you hope to never end up in a prison managed by yankees (or Americans)...what would make you end up in a prison in the first place? 😉 Is there more to halojoy than what meets the eye?

halojoy wrote:
They have not even adopted human rights thinking yet. And civil conduct in meeting with strangers

What do you mean?

tooom

Sorry, been off on a mammoth gaming session all day (mario golf, ehehehe)
Anyway, ill try halojoys error reporting thing first (as its a bit easier than the debugging thing of basically starting again) then ill report here and then do some debugging stuffs.
Thanks for all your help so far!
Tom

LoganK

tooom wrote:
Sorry, been off on a mammoth gaming session all day (mario golf, ehehehe)

Mario Golf? Play a good game, like doom or quake or half-life (2). Mario golf...you should be ashamed to call yourself a gamer! 😉

tooom wrote:
Anyway, ill try halojoys error reporting thing first (as its a bit easier than the debugging thing of basically starting again) then ill report here and then do some debugging stuffs.
Thanks for all your help so far!
Tom

Debugging does not start all over again. Rather, you create a very simple second page that does the basic thing that you want to accomplish. If it works, then you kind of know where to look in your app for the error.

Trust me, if debugging meant starting all over again, Windows would be extremely riddled with holes. Oh wait, that's already happened 😃. But if debugging were really like that, no one would program. Perhaps you should do a bit of research on what debugging is all about. It might help you out in the long run.

tooom

I want half life 2 but i'm not allowed it (at least, until I buy my own pc), and anyway, Zelda beats the carp out of it anyday :p
Anyhoo, by debugging I thought you meant building it up again in that second file... I already did a bit of debugging (removing stuff, adding extra prints to try and discover whats working and whats not) but ill try some more stuffs 2moro.
As for the error reporting, nothing but basic "the variable is null" aka "undefined index" things that are mainly from form inputs that dont exist yet.

LoganK

Not allowed it? Oh, so you must be one of those codes/gamers who still lives with their parents. Or a minor.

I wouldn't say Zelda beats Half-Life 2, but it does beat Mario Golf. What I'm partial to is either Minority Report or SSBM on Gamecube.

Your bit of debugging is exactly what you need to continue doing. Adding extra prints to display the value of variables mid-way through processing is what I always do. For example, if I feed a variable into a custom function and it's not returning the value right, I'll add a print before the function, a print inside the function when it starts, prints whenever the function alters the variable, and a print right before the function ends. That way I can trace the value between all the steps. It'd be good if PHP had a function like this built-in for debugging purposes. Or it'd be really great if someone wrote a debugging class.

tooom

Actually, Im one of these teenagers thats not at the legal age to own or rent accomadation :p It also puts me below the income level needed to buy a half decent PC of my own.
SSBM rocks, i got it as my 2nd gamecube game, and minority report ive never played.
Anyway, ive been debugging like that since my Rapid Q basic days, and its never failed to solve a problem. I hope this time is no different.

LoganK

"One of those teenagers thats not at the legal age to own or rent accomadation"

Basically, under 18, or a minor, right? I was under the assumption that those over 18 can own and/or rent if need be. This is kind of bad reasoning, but when Bart got emancipated in The Simpsons, he went and bought his own place. Since emancipation declares you legally an adult, and since being 18 also declares you legally an adult, then through the transitive property (brings back fun math classes, right?) being 18 = able to buy/rent space/land.

Ok, enough with law and math 😃.

I got SSBM as my 1st gamecube game, 2nd was Mario Sunshine (also fun, but way too easy). Minority Report is only good because you can smash almost everything in sight. Wouldn't that be an interesting game idea? Create a game where the whole point is to smash things to pieces and/or interact with the real physics. I dunno, but I'd like a game like that. Being able to break everything, toss everything around and see it respond realisticly according to the laws of physics...would be just awesome. Especially since I can't do that in the real world or they lock me up in the loony bin.

There I go again, back to physics.

Rapid Q basic? I've heard of Qbasic (I used to program in that), but not Rapid Qbasic. Care to explain?

tooom

Heh, I got Mario Sunshine on order now along with mario tennis and the new zelda.
Anyhoo, rapid q was a bit of a project by a guy called William Yu who wrote a compiler and IDE for it before being hired by some basic-language-making corporation at which point he stopped. I released one program in it: http://bob.n-fusion.co.uk/ (yes, I du use the same host for everything, because i'm allowed unlimited subdomains :p). the main website for it closed, so you can go googling if you want it, but ill ask my mate when he comes on msn.
Now debugging
Tom

LoganK

You'll like Mario Sunshine - just don't get too frustrated at the one level where you have to clean up the goop. Out of all of them, that was the hardest (for me). Mario Tennis? Do you have some fascination with video-game sports? 😃

He wrote a compiler and IDE for it? So, could you program BASIC but compile it into an executable?

Your "same host" remark leads me to believe that http://n-fusion.co.uk/ is your main web address, I presume?

Have fun debugging!